Snort mailing list archives
Re: Directory Traversal
From: Erek Adams <erek () theadamsfamily net>
Date: Sun, 30 Sep 2001 08:24:22 -0700 (PDT)
On Sun, 30 Sep 2001, Jim Kipp wrote:
I turned off the IIS rules, but I am still getting frequent alerts of: Web-MISC http Directory Traversal. Class: attempted information leak Is this related to the nimbda or code red stuff? I tried to check it out at whitehats, but that site is still down.
Have a look at the alert. Notice the 'Web-MISC'? That rule is in web-misc.rules not in web-iis.rules. Related to CR and Nidma? Well, that's not the alert that I see for those... :-/ Have a look at the packet payload and it should help you determine what's going on. Hope that helps! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: (no subject), (continued)
- RE: (no subject) Reeves, Michael (GEAE, Compaq) (Sep 17)
- (no subject) Peter Fuggle (Sep 19)
- (no subject) Thomas Nilsen (Sep 20)
- Re: (no subject) richard (Sep 20)
- RE: (no subject) Steve Halligan (Sep 20)
- RE: (no subject) Jeff Anderson (Sep 20)
- RE: (no subject) Thomas Nilsen (Sep 20)
- (no subject) Kenny (Sep 27)
- (no subject) Lists (Sep 29)
- Directory Traversal Jim Kipp (Sep 30)
- Re: Directory Traversal Erek Adams (Sep 30)
- Re: Directory Traversal Jim Kipp (Sep 30)
- Directory Traversal Jim Kipp (Sep 30)